CT-ISG: Integrated Enterprise Security Management

CT-ISG：集成企业安全管理

• 批准号: 0714647
• 负责人: Angelos Keromytis
• 金额: $ 28.65万
• 依托单位: Columbia University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2007
• 资助国家: 美国
• 起止时间: 2007-08-01 至 2010-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0714647&HistoricalAwards=false
• 关键词: CT; ISG; Integrated; Enterprise; Security

The complexity of modern large-scale systems has caused a transitionfrom a purely perimeter-based defensive model to one where securitymechanisms pervade the infrastructure. However, there has not been acorresponding evolution in the model under which security policyoperates in such environments: policies must still make independentdecisions using only partial information: just what is known by thatcomponent at the time the decision is made. Thus, security policy mustoperate under certain assumptions that often cannot be validated. Suchunchecked assumptions offer a way for attackers to bypass security byexploiting unforeseen loopholes. Consequently, administrators oftenuse additional security mechanisms, such as intrusion-detectionsystems, that are poorly integrated with each other and with theexplicit system access-control policy.This project is exploring the use of coordinated security policymechanisms in heterogeneous, large-scale distributed environments. Theassumptions on which security policy decisions are based are alwayschecked against current facts. Changes of these facts are signaled byevents propagated to other security-critical elements. Securitymechanisms become dynamic, allowing for coordinated and continuouspolicy re-evaluation throughout the duration of an entity'sinteractions with the various components of the system. This modelnaturally integrates access control, intrusion detection and otherdefensive mechanisms, allowing for the unification of protection andreaction under the auspices of a common security policy. The result isa more reliable and robust computing infrastructure that is resilientto new threats and attacks, and bridge the gap between thecapabilities offered by advanced defense mechanisms and the inabilityof security policy to take advantage of them in a coherent,coordinated manner.

现代大型系统的复杂性导致从纯粹基于边界的防御模型转变为安全机制遍布基础设施的模型。然而，安全策略在此类环境中运行的模型并没有发生相应的演变：策略仍然必须仅使用部分信息（即做出决策时该组件所知道的信息）做出独立决策。因此，安全策略必须在某些通常无法验证的假设下运行。这种未经检验的假设为攻击者提供了一种通过利用不可预见的漏洞来绕过安全性的方法。因此，管理员经常使用额外的安全机制，例如入侵检测系统，这些机制彼此之间以及与显式系统访问控制策略的集成很差。该项目正在探索在异构、大规模分布式环境中使用协调的安全策略机制。安全策略决策所依据的假设总是根据当前事实进行检查。这些事实的变化通过传播到其他安全关键元素的事件来表示。安全机制变得动态，允许在实体与系统的各个组件交互的整个过程中进行协调和连续的策略重新评估。该模型自然地集成了访问控制、入侵检测和其他防御机制，允许在通用安全策略的支持下统一保护和响应。其结果是一个更可靠、更强大的计算基础设施，能够抵御新的威胁和攻击，并弥合了先进防御机制提供的功能与安全策略无法以连贯、协调的方式利用它们之间的差距。